Hi @JoeyBodnar here a related discussion about security of the authData field.
Once this PR will be merged: https://github.com/parse-community/parse-server/pull/7079
It will be easier to control authData saved and return to the client.
Using cloud function to achieve this will work.
On another side JWT of Apple/Google/Facebook are short lived (something like 15min). Also, even with the Cloud function you will send the JWT through the network. This network need to encrypted (thanks to SSL/TLS).
From my point of view you should stick to the classic Rest login endpoint, actually the security benefits of using a cloud function will be not significant.
In another side i’ll recommend you to ensure that the User session token is saved in safe place. In case of a webapp for example, it’s a bad practice to save the session token into the localstorage/sessionstorage. Here some ressources about cookies dedicated to sensitive data: Session Management - OWASP Cheat Sheet Series